Last updated: May 2018
Brookland Partners LLP and its affiliates (“Brookland”) are committed to protecting the privacy and security of your personal information. In this privacy notice, the terms “we”, “our” or “us” are used to refer to the relevant group company.
As a “data controller” Brookland is required under the General Data Protection Regulation (“GDPR”) to notify you of how we will process your personal data. This privacy notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us and for what purposes, and how you can exercise your privacy rights. This applies to personal information that we collect through our website or when engaging in our relationship or potential relationship with you (or your organisation) as a supplier, client or business partner of Brookland.
The scope of this privacy notice extends to personal data voluntarily provided by job candidates in the course of applying for and/or querying about potential job opportunities at Brookland, whether provided directly or indirectly (i.e. through a recruitment agency). This notice does not address personal data collected by Brookland following an offer of employment to a job candidate.
1. Who are we?
Brookland is a market-leading real estate investment banking firm that provides innovative, bespoke solutions in the European commercial real estate debt and equity markets. For more information about us, please see the About us section of our website.
Our contact details are as follows:
19 Langham Street,
Telephone: +44 (0) 203 540 9860
2. What personal information do we collect?
The personal data we collect will vary depending on your relationship with Brookland:
• For suppliers: we may hold information including (but not limited to) your name, gender, email address and other identifying addresses for electronic communications, telephone or fax number, postal address, photographic or video images, telephonic or electronic recordings, job title and/or specific role(s) within your organisation.
• For clients (and relevant counterparties including, without limitation, potential investors and lenders): we may hold information including (but not limited to) your name, gender, email address and other identifying addresses for electronic communications, telephone or fax number, postal address, photographic or video images, telephonic or electronic recordings, date of birth, nationality and/or citizenship status, job title and/or specific role(s) within your organisation, NI number (or equivalent), tax code, source of wealth details, banking information (including account details), copy of passport (and other forms of photographic identification including social security, driver’s license, national insurance and other identifying numbers), proof of postal and/or residential address (qualifying documents only – e.g. bank statement, utility bill).
• For job candidates (prior to receiving an employment offer from Brookland): we may hold information including (but not limited to) your name, gender, email address and other identifying addresses for electronic communications, telephone or fax number, postal and/or residential address, photographic or video images, telephonic or electronic recordings, date of birth, nationality and/or citizenship status, immigration/visa status, compensation/salary, curriculum vitae detailing employment and educational history, academic and/or professional qualifications, details relating to memberships and personal interests (which might constitute sensitive personal information), academic and/or professional references and referee details.
3. How do we use your personal information?
We use your personal data for the following purposes:
• To facilitate the performance or engagement of a contract between you and us;
• To carry out necessary anti-money laundering (AML) and “know your customer” (KYC) checks for due diligence purposes, in accordance with applicable law and regulation;
• To comply with regulatory and/or tax reporting obligations, in accordance with applicable law and regulation;
• To establish, exercise or defend our legal rights;
• To contact you by mail, telephone, email, SMS or other electronic messaging when engaging in our relationship or potential relationship with you;
• To contact you as part of a recruitment process;
• To identify and attain new talent, determine your qualifications and ultimately reach a hiring decision.
We will only use your personal data for the purpose(s) for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.
4. What is our legal basis for processing your personal data?
Our legal basis for processing your personal information will vary depending on: (i) the type of information concerned; (ii) your relationship with Brookland; and (iii) the context in which the information is collected and/or provided.
In the majority of circumstances, we will only process your personal information under one or more of the following: (i) for the performance of a contract we have entered into with you (including the facilitation of entering into a contract with you); (ii) where we need to comply with a legal and/or regulatory obligation; (iii) where we have your explicit consent; or (iv) where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
There are other rare occasions where we may use your personal data: (i) in order to protect your vital interests or those of another person; or (ii) where it is needed in the public interest.
In the unlikely event that we process your sensitive personal information, we do so under one or more of the following: (i) where we need to comply with applicable employment, social security and social protection law; (ii) where we have your explicit consent; (iii) in order to establish, exercise or defend legal claims; or (iv) where necessary for reasons of substantial public interest.
More information on lawful processing can be found on the ICO website.
5. Who do we share your personal data with?
Your personal data will be treated as strictly confidential, and will only be shared with the following categories of recipients (for the purposes outlined in section 3 of this notice):
• Our group companies or affiliated entities;
• Clients and relevant counterparties to a transaction;
• Third party suppliers and service providers (including recruitment agencies involved in your recruitment where applicable);
• Competent law enforcement, regulatory or government bodies;
• Any other person or organisation with your consent.
6. How long do we keep your personal data?
We will retain your personal data for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you and provide/receive services; (ii) whether there is a legal and/or regulatory obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
7. How do we ensure that your personal data is secure?
We take your privacy and the protection of data very seriously. Accordingly, we have put in place appropriate technical and organisational measures to prevent unauthorised use of your personal data, including: (i) protecting our servers with software firewalls; (ii) locating our data storage facilities in secure locations; (iii) permitting access to personal information to appropriate employees and third parties only, for legitimate and specified business purposes; (iv) taking reasonable steps to ensure that staff and third parties are aware of their privacy and data security obligations; and (v) reviewing and updating this policy and our procedures as appropriate.
In the event that personal data we hold about you is subject to a breach, unauthorised disclosure or access, we will report this to the Information Commissioner’s Office (ICO) and where required, to you too.
If a breach is likely to result in a risk to your data rights and freedoms, we will take all reasonable steps to notify you as soon as possible.
8. Transfers to third countries or international organisations
Depending on the relationship or potential relationship we have with you, there may be circumstances in which the personal data we collect from you or which you provide to us are processed in countries or international organisations outside of the European Economic Area (“EEA”).
If we transfer your information outside of the EEA and the third country or international organisation in question has not been deemed by the EU Commission to have adequate data protection laws, we will provide appropriate safeguards and will be responsible for ensuring that your privacy rights continue to be protected as outlined in this notice, such as operating under the EU-US Privacy Shield Framework or standard contractual clauses adopted by the EU Commission to protect personal data.
9. What rights do you have in respect of how we use your personal data?
Subject to legal limitations (i.e. exemptions under the GDPR), you have the right to:
• Request access to your data: You can ask us to provide a copy of the personal data we hold about you.
• Request corrections to be made to your data: If you think that your personal data is incomplete or inaccurate you can ask us to correct it.
• Request erasure of your data: If you consider there to be no lawful basis for us to continue processing your data you can ask for that data to be deleted or removed.
• Object to the processing of your data: If our lawful basis for processing your data relates to a legitimate business interest (or third party interest) you can raise an objection to that interest. You can also object to us using your information for direct marketing purposes.
• Request that processing restrictions be put in place: If you believe that your information is being processed without a lawful reason or that the information is incorrect, you can request that a freeze/restriction is placed on the processing of the information until your concerns are addressed.
• Request a transfer of your personal data: You can ask us to transfer your personal data to a third party.
• Withdraw your consent: You can withdraw your consent at any time, where consent was our lawful basis for processing your personal data.
To exercise all relevant rights, or if you have a query or complaint, please contact us in the first instance using the contact details provided in section 1 of this notice.
If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the ICO.
The contact details for the ICO are as follows:
Information Commissioner’s Office,
Wycliffe House, Water Lane,
Telephone: +44 (0) 303 123 1113
10. Website use
This Website may include links to third party websites, plug-ins and applications.
Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy statements, so we encourage you to read the privacy notice of any third party website you visit before disclosing your personal information to it.
11. Changes to this privacy notice
We reserve the right to update this privacy notice at any time in response to varying legal, technical or business developments. Any changes we may make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by email.